SecurityWeek

Incident Response

NASA Denies Recent Iranian Hacker Claims

Earlier this month, SecurityWeek reported that NASA was investigating claims made by a group of Iranian hackers that an SSL certificate issued to its Research and Education Support Services (NRESS) group was compromised, and used in a Man-in-the-Middle attack.

As part of the claimed attack, an Iranian student group of programmers and hackers known as the Cyber Warriors Team claimed to have compromised the certificate by exploiting an existing vulnerability within the portal’s login system. Once they had control over the certificate, they claimed to have used it to “obtain User information for thousands of NASA researcher With Emails and Accounts of other users.”

After telling SecurityWeek on May 18th that the space agency was investigating the claims, NASA has now said that the hacker claims appear to be false.

“NASA discovered the message within hours of its initial post and immediately started an investigation,” a NASA spokesperson told SecurityWeek on Friday via email. “Although the investigation is ongoing, all results thus far indicate that the claims are false.”

“False compromise claims about intrusions on NASA IT systems are common,” the spokesperson added. “For example, the same day the Iranian claim was posted, NASA investigated two additional claims of intrusions posted on the same web site. They also were found to be false.”

While these claims may or may not be true based on what has been found so far, the agency has fallen victim to several breaches in the past, and has admitted its security shortcomings.

In March, NASA Inspector General Paul K. Martin told the House Committee on Science, Space, and Technology’s Subcommittee on Investigations and Oversight that the agency faces serious challenges when it comes to protecting its information and systems from cyber attacks. Martin said that NASA was the victim of 47 APT attacks, 13 of which compromised agency systems during FY 2011. In one incident, attackers captured user credentials for more than 150 NASA employees that could have been used to gain unauthorized access to NASA systems. “The attackers had full functional control over these networks,” he said.

In response to the latest claims coming from the group of Iranian hackers, NASA said it was still investigating the issue, and assessing its security posture in certain places.

“To ensure that the subject systems are secure, NASA is re-validating its security profiles to ensure they are operating with minimal risk,” the NASA spokesperson said. “IT Security remains a critical function at NASA. At no point were any sensitive, mission, or classified systems compromised.”

While NASA is refuting the claim that the SSL certificate was compromised, and says that no sensitive or classified information appears to have been accessed by attackers, that doesn’t mean other IT assets could not have been compromised. “This is as much as our security people are able to say on this,” the spokesperson said. “That doesn’t mean anything else was accessed, but I won’t be able to confirm it either way.”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
